General

  • Target

    44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f

  • Size

    1.2MB

  • Sample

    231013-fjl84aef5z

  • MD5

    949af418f05b8c4541a6cdf984c3d5fa

  • SHA1

    9f66b57c6747d9767625743b1d04b0051dce23c0

  • SHA256

    44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f

  • SHA512

    67002911c4a51b86f1cb551fd1e008f2f0420acc54c80bf0f42fe8924aa826d5fa5b95b9018113e38139f5b3d686a352a44f8fa28ef3c5011c102dd9d7510873

  • SSDEEP

    24576:sBuqRM9Hm263B/dL4wVoLAJyq46laOICoMcapo8KjZfU2y98DxL1DvxnG:cuqRcHD6D1GLAJGOFi9c2y9O5tG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks